Compliance burden and cost
14.2 The Terms of Reference for this Inquiry require the ALRC to consider ‘the desirability of minimising the regulatory burden on business’. Business has identified the pervasive nature of privacy requirements as an important contributor to the cumulative regulatory burden it faces.[1] The Australian Chamber of Commerce and Industry has reported that, in response to …
Publications
Read moreMultiple regulators
14.21 Some industries are required to comply with multiple layers of privacy regulation overseen by more than one regulator. This has been identified as an issue in the telecommunications industry[32] and the financial services sector. For example, bank customers with privacy complaints may choose to lodge a complaint with the Banking and Financial Services Ombudsman …
Publications
Read moreSharing information
14.36 Inconsistent, fragmented and multi-layered privacy regulation can contribute to confusion about how to achieve compliance with privacy regulation. This, in turn, can result in reluctance by agencies and organisations to share information.[48]14.37 The OPC submitted that some obstacles to appropriate information sharing between agencies and organisations may arise either from misapplication or a ‘risk-averse’ …
Publications
Read moreThe costs of inconsistency and fragmentation
13.2 Chapter 14 discusses some specific problems caused by inconsistency and fragmentation. These problems include unjustified compliance burden, multiple privacy regulators, impediments to information sharing and issues related to government contractors. 13.3 The ALRC makes a number of recommendations throughout this Report directed at dealing with problems caused by inconsistency and fragmentation in privacy regulation. …
Publications
Read moreIntroduction
12.1 In this chapter, the ALRC discusses a potential consequence of an interference with the privacy of an individual—identity theft. The definition of identity theft, and existing responses to it in Australia and overseas, are discussed. In particular, recent moves to criminalise identity theft in Australia are considered. An overview of the ways in which …
Publications
Read moreGenerally available publications
11.26 Personal information about a substantial number of people is available from public sources such as electoral rolls, court records, state registers of births, deaths and marriages, annual reports and newspapers. This information may be of interest to people for a multitude of reasons. For example, it may be of interest to: people engaged in …
Publications
Read moreIndividuals acting in a personal capacity
11.3 The development of new technologies has increased the ability of individuals to impinge on the privacy rights of others. For example, individuals can monitor the online activities of others through the use of spyware,[3] or disclose the email addresses of others in emails sent to numerous recipients.[4] 11.4 In Issues Paper 31, Review of …
Publications
Read moreOversight powers of the OPC
Research and monitoring10.33 The OPC has two research and monitoring functions that are relevant to the regulation of new and developing technologies. These are to:conduct research and monitoring into data processing and computer technology (including data-matching and data-linkage) to ensure that any adverse effects of such developments on the privacy of individuals are minimised, and …
Publications
Read moreTechnology-specific guidance on the application of the model UPPs
10.49 In IP 31, the ALRC asked whether the privacy principles should be amended to deal with the impact of developing technology on privacy.[63] In DP 72, the ALRC expressed the view that these issues should not be covered in the model UPPs, but instead could form the subject of technology-specific guidance. 10.50 As noted …
Publications
Read moreMandating standards?
10.100 The term ‘standardisation’ can be used to refer to consistency and interoperability between technical systems. Standards also require compliance with certain specifications and procedures that are intended to result in appropriate levels of safety, privacy or security.[136]10.101 Local and international bodies are continuing to develop standards on privacy and security issues such as identification, …
Publications
Read more